mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 15:33:28 +08:00
package/ntfs-3g: security bump to version 2021.8.22
- Fixed vulnerability threats caused by maliciously tampered NTFS
partitions (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, etc.):
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- Drop patch (already in version)
https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-Release-History
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 57adb82576
)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
d13ad85518
commit
918aa6ec58
@ -1,72 +0,0 @@
|
||||
From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>
|
||||
Date: Wed, 19 Dec 2018 15:57:50 +0100
|
||||
Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint
|
||||
|
||||
The size check was inefficient because getcwd() uses an unsigned int
|
||||
argument.
|
||||
|
||||
Fixes CVE-2019-9755: An integer underflow issue exists in ntfs-3g 2017.3.23.
|
||||
A local attacker could potentially exploit this by running /bin/ntfs-3g with
|
||||
specially crafted arguments from a specially crafted directory to cause a
|
||||
heap buffer overflow, resulting in a crash or the ability to execute
|
||||
arbitrary code. In installations where /bin/ntfs-3g is a setuid-root
|
||||
binary, this could lead to a local escalation of privileges.
|
||||
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
---
|
||||
src/lowntfs-3g.c | 6 +++++-
|
||||
src/ntfs-3g.c | 6 +++++-
|
||||
2 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c
|
||||
index 993867fa..0660439b 100644
|
||||
--- a/src/lowntfs-3g.c
|
||||
+++ b/src/lowntfs-3g.c
|
||||
@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[])
|
||||
else {
|
||||
ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
|
||||
if (ctx->abs_mnt_point) {
|
||||
- if (getcwd(ctx->abs_mnt_point,
|
||||
+ if ((strlen(opts.mnt_point) < PATH_MAX)
|
||||
+ && getcwd(ctx->abs_mnt_point,
|
||||
PATH_MAX - strlen(opts.mnt_point) - 1)) {
|
||||
strcat(ctx->abs_mnt_point, "/");
|
||||
strcat(ctx->abs_mnt_point, opts.mnt_point);
|
||||
@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[])
|
||||
/* Solaris also wants the absolute mount point */
|
||||
opts.mnt_point = ctx->abs_mnt_point;
|
||||
#endif /* defined(__sun) && defined (__SVR4) */
|
||||
+ } else {
|
||||
+ free(ctx->abs_mnt_point);
|
||||
+ ctx->abs_mnt_point = (char*)NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c
|
||||
index 6ce89fef..4e0912ae 100644
|
||||
--- a/src/ntfs-3g.c
|
||||
+++ b/src/ntfs-3g.c
|
||||
@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[])
|
||||
else {
|
||||
ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX);
|
||||
if (ctx->abs_mnt_point) {
|
||||
- if (getcwd(ctx->abs_mnt_point,
|
||||
+ if ((strlen(opts.mnt_point) < PATH_MAX)
|
||||
+ && getcwd(ctx->abs_mnt_point,
|
||||
PATH_MAX - strlen(opts.mnt_point) - 1)) {
|
||||
strcat(ctx->abs_mnt_point, "/");
|
||||
strcat(ctx->abs_mnt_point, opts.mnt_point);
|
||||
@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[])
|
||||
/* Solaris also wants the absolute mount point */
|
||||
opts.mnt_point = ctx->abs_mnt_point;
|
||||
#endif /* defined(__sun) && defined (__SVR4) */
|
||||
+ } else {
|
||||
+ free(ctx->abs_mnt_point);
|
||||
+ ctx->abs_mnt_point = (char*)NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Locally calculated
|
||||
sha256 3e5a021d7b761261836dcb305370af299793eedbded731df3d6943802e1262d5 ntfs-3g_ntfsprogs-2017.3.23.tgz
|
||||
sha256 55b883aa05d94b2ec746ef3966cb41e66bed6db99f22ddd41d1b8b94bb202efb ntfs-3g_ntfsprogs-2021.8.22.tgz
|
||||
sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING
|
||||
sha256 d7bf9d064ac3e5840f9dd02422b7eeec4f1fd03f37fadbd043602be5e882304f COPYING.LIB
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
NTFS_3G_VERSION = 2017.3.23
|
||||
NTFS_3G_VERSION = 2021.8.22
|
||||
NTFS_3G_SOURCE = ntfs-3g_ntfsprogs-$(NTFS_3G_VERSION).tgz
|
||||
NTFS_3G_SITE = http://tuxera.com/opensource
|
||||
NTFS_3G_CONF_OPTS = --disable-ldconfig
|
||||
@ -14,9 +14,6 @@ NTFS_3G_LICENSE = GPL-2.0+, LGPL-2.0+
|
||||
NTFS_3G_LICENSE_FILES = COPYING COPYING.LIB
|
||||
NTFS_3G_CPE_ID_VENDOR = tuxera
|
||||
|
||||
# 0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch
|
||||
NTFS_3G_IGNORE_CVES += CVE-2019-9755
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBFUSE),y)
|
||||
NTFS_3G_CONF_OPTS += --with-fuse=external
|
||||
NTFS_3G_DEPENDENCIES += libfuse
|
||||
|
Loading…
Reference in New Issue
Block a user